Home > Vulnerability Database > CVE-2013-4891

Mend.io Vulnerability Database

CVE-2013-4891

Good to know:

Date: February 21, 2018

The xss_clean function in CodeIgniter before 2.1.4 might allow remote attackers to bypass an intended protection mechanism and conduct cross-site scripting (XSS) attacks via an unclosed HTML tag.

Language: PHP

Severity Score

6.1

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2013-4891

Url: https://nealpoole.com/blog/2013/07/codeigniter-21-xss-clean-filter-bypass/

Url: https://github.com/bcit-ci/CodeIgniter/issues/4020

Url: https://www.codeigniter.com/userguide2/changelog.html

Url: https://www.mend.io/vulnerability-database/CVE-2013-4891

Severity Score

6.1

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Top Fix

Upgrade Version

Upgrade to version dark-prospect-games/facebook-ignited - v1.2.0;nailsapp/common - 0.2.0;cloudmanic/cloudmanic-cms - no_fix;iet-ou/open-media-player - no_fix;renanmpimentel/codeigniter_start - no_fix;kodazzi/amazonas - no_fix;kodazzi/amazonas - v1.0.0-alpha;despark/ignicms - no_fix;hanischit/codeigniter-restserver - 2.7.2;vtlfokin/codeigniter - 2.1.4;nwcode4hire/bonfire - 0.11;burimaliu/spincmsv2 - v1.1.4;agriya/webshoppack - no_fix;roulette/roulette - no_fix;opensource-workshop/connect-cms - v0.0.1.20201008;opensource-workshop/connect-cms - v0.0.1.20201207;opensource-workshop/connect-cms - v0.0.1.20210104;opensource-workshop/connect-cms - v0.0.1.20220207;opensource-workshop/connect-cms - dev-PageManage;savy/admin - no_fix;savy/admin - 1.0.3;tastyigniter/tastyigniter - v1.0.0;tastyigniter/tastyigniter - v1.1.0;webdmg/codeigniter - v3.0.6;webdmg/codeigniter - 0.1.1;jhjjang/sns_login - no_fix;robjuz/cakephp-kovicky - no_fix;maxtream/themages - no_fix;foolz/foolfuuka - dev-2-0-stable;schachbulle/contao-forum-bundle - no_fix;schachbulle/contao-forum-bundle - 0.0.4;ezrun/framework-standard-edition - no_fix;livecms/core - no_fix;livecms/livecms - dev-liveCommerce;rogeriopradoj/codeigniter - 2.1.4;imagecms/imagecms - v4.8.1;ellislab/codeigniter - 2.1.4;nails/common - 0.2.0;codeigniter/framework - 2.1.4;despark/igni-core - no_fix;chriskacerguis/codeigniter-restserver - 2.7.2;webdmg/system-c - 0.1.1;webdmg/system-c - v3.0.6;rnkpatel/laravel-blog - no_fix;diyphpdeveloper/cmscanvas - v1.1.4;alextselegidis/easyappointments - 0.7.1

Learn More

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2013-4891

Good to know:

Date: February 21, 2018

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?